---
title: Social Engineering and Its Place in Society
section: "Introduction"
course: human_hacking
layout: lesson
---

As already discussed social engineering can be used in many areas of life, but
not all of these uses are malicious or bad. Many times social engineering can be
used to motivate a person to take an action that is good for them. How?

Think about this: John needs to lose weight. He knows he is unhealthy and needs
to do something about it. All of John's friends are overweight, too. They even
make jokes about the joys of being overweight and say things like, "_I love not
worrying about my figure_". On one hand, this is an aspect of social
engineering. It is social proof or consensus, where what you find or deem
acceptable is determined by those around you. Becase John's close associations
view being overweight as acceptable, it is easier for John to accept it.
However, if one of those friends lost weight and did not become judgamental but
was motivated to help, the possibility exists that John's mental frame about his
weight might change and he might start to feel that losing weight is possible
and good.

This is, in essence, social engineering. So you can clearly see how social
engineering fits into society and everyday life, the following sections present
a few examples of social engineering, scams, manipulation and a review of how
they worked.

## The 419 Scam

The 419 scam, better known as the Nigerian Scam, has grown into an epidemic.

Basically an email (or as of late, a letter) comes to the target telling him he
has been singled out for a very lucrative deal and all he needs to do is to
offer a little bit of help. If the victim will help the letter sender extract a
large sum of money from foreign banks he can have a percentage. After the target
is confident and signs "_signs on_", a problem arises that causes the target to
pay a fee. After the fee is paid another problem comes up, along with another
fee. Each problem is "_the last_" with "_one final fee_" and this can be
stretched out over many months. The victim never sees any money and loses from
$10,000 - $50,000 USD in the process. What makes this scam so amazing in the
past, official documents, papers, letterhead and even face-to-face meetings have
been reported.

Recently, a variation of this scam has popped up where victims are literally
sent a real check. The scammers promise a huge sum of money and want in return
only a small portion for their efforts. If the target will wire transfer a small
sum (_in comparison_) of $10,000, when they receive the promised check they can
deposit the check and keep the difference. The problem is that the check that
comes is a fraud and when the victim goes to cash it she is slapped with check
fraud charges and fines, in some cases _after_ the victim has already wired
money to the scammer.

This scam is successful because if plays on the victim's greed. Who wouldn't
give $10,000 to make $1,000,000 or even $100,000? Most smart people would. When
these people are presented with official documents, passports, receipts and even
official offices with "_government personnel_" then their belief is set and they
will go to great lengths to complete the deal. Commitment and consistency play a
part in this scam as well as obligation. I discuss these attributes in later
sections, you will see why this scam is so powerful.

## The power of scarcity

Scarcity is when people are told something they need or want has limited
availability and to get it they must comply with a certain attitude or action.
Many times the desired behaviour is not even spoken, but the way it is conveyed
is by showing people who are acting "_properly_" getting rewards.

[This
article](https://www.social-engineer.org/wiki/archives/Governments/Governments-FoodElectionWeapon.html)
talks about the use food to win elections in South Africa. When a group of
person does not support the "_right_" leader, foodstuffs become scarce and jobs
people once had are given to others who are more supportive. When people see
this in action, it doesn't take long to get them in line. This is a very
malicious and hurtful form of social engineering, but nonetheless, one to learn
from. It is often the case that people want what is scarce and they will do
anything if they are lead to believe that certain actions will cause them to
lose out on those items. What makes certain cases even worse, as in the earlier
example, is that a government took something necessary to life and made it
"_scarce_" and available only to supporters - _a malicious, but very effective,
manipulation tactic_.

## DarkMarket and Master Splynter

In 2009 a story broke about an underground group called DarkMarket - _the
so-called eBay for criminals, a very tight group that traded stolen credit
card numbers and identity theft tools, as well as the items needed to make fake
credentials and more_.

An FBI agent by the name of _J. Keith Mularski_ went under deep cover and
infiltrated the DarkMarket site. After a while, Agent Mularski was made an
administrator of the site. Despite many trying to discredit him he hung in for
more than three years as the admin of the site.

During this time, Mularski had to live as a malicious hacker, speak, act and
think as one. His pretext was one of a malicious spammer and he was
knowledgeable enough to pull it off. His pretext and social engineering skills
paid off because Agent Mularski infiltrated DarkMarket as the infamous Master
SplSplynter and after three years was essential in shutting down a massive
identity theft ring.

The three-year social engineering sting operation netted 59 arrests and
prevented over $70 million in bank fraud. This is just one example of how social
engineering skills can be used for good.
